Analysis
-
max time kernel
118s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
25/05/2024, 00:36
Static task
static1
Behavioral task
behavioral1
Sample
704e0182cc1d14b998d02572a8bedb8f_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
704e0182cc1d14b998d02572a8bedb8f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
704e0182cc1d14b998d02572a8bedb8f_JaffaCakes118.html
-
Size
230KB
-
MD5
704e0182cc1d14b998d02572a8bedb8f
-
SHA1
5ceccc5567e75b0298be865abc07de92cbff8867
-
SHA256
4791b365069e5b74e0fe4a132ce764fdd1f86c26d599c1be9b622f34880b58fb
-
SHA512
6c294a9a1c176686bd4eee11d6a647ce69a37c7cfe089bef6b15ca1ab39ec54ed5fbcbc05f290cf7ff632dd275da5d00b069496634b0f2f09c99ea6f5453d221
-
SSDEEP
1536:dLnUvZ859Pg4yZ1wm03pbFFyXJpSiqKGvZCqMsDcyZynVLEQ61AB9hjRP0Uvip:Rxb7q5SOU1AB9hjRP0Uv+
Malware Config
Signatures
-
Modifies Internet Explorer settings
Note: every IoC under this signature is iexplore.exe / IEXPLORE.EXE writing to its own HKCU\Software\Microsoft\Internet Explorer keys (TabbedBrowsing, Recovery, Window_Placement, WindowsSearch, DomainSuggestion, …). That is consistent with the browser's own start-up/session housekeeping when an .html sample is opened, not with a setting changed by page content, so on its own this signature carries little signal; treat it as low-confidence unless corroborated by something else in the report.
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b8aa174d1ba21f4693fb94c5c7eb63193ddbb62fa92376fa690ced30baffac43000000000e80000000020000200000004c3f4609cee54bc61f08aae4c5febe92d2575ae1aad100dd49ba109ad34cc5502000000046b7c191a3e58deae33c9ea93f03368916a15c791c2fbdc2001b02dbc1b9d4e14000000012333b35645f184795b6e30bdb7e72f2c9c9692ee6593df7b07a946b79e6371922d2692a5ac77604f2dae8c4d45ee12346b0c9272772a5186a901390486a0021 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759260" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D31865C1-1A2E-11EF-B27D-6A387CD8C53E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet 
Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400500d63baeda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2848 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2848 iexplore.exe 2848 iexplore.exe 2152 IEXPLORE.EXE 2152 IEXPLORE.EXE 2152 IEXPLORE.EXE 2152 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2848 wrote to memory of 2152 2848 iexplore.exe 28 PID 2848 wrote to memory of 2152 2848 iexplore.exe 28 PID 2848 wrote to memory of 2152 2848 iexplore.exe 28 PID 2848 wrote to memory of 2152 2848 iexplore.exe 28
Note: all four writes go from the IE frame process (2848) into the tab process (2152) that it launched itself (see the SCODEF:2848 / CREDAT command line under Processes). That is the expected frame/tab handshake in Internet Explorer and is not by itself evidence of code injection; the same applies to the FindShellTrayWindow and SetWindowsHookEx hits, which only involve these two IE processes. No third process appears in the tree, and the Network section of this capture is empty, so whether the page reached out to anything cannot be judged from this report alone.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe — "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e0182cc1d14b998d02572a8bedb8f_JaffaCakes118.html (top-level process)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE — "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2 (child of PID 2848; SCODEF/CREDAT is the frame process launching its tab process)
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2152
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the first thirteen entries are one file — C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 — captured each time it was rewritten, which is why a single path appears with thirteen different hashes. CryptnetUrlCache is Windows CryptoAPI's cache for certificate/CRL/CTL retrieval, so these 344-byte metadata files are almost certainly written by the OS during browser start-up rather than dropped by the sample; they should not be treated as payload artifacts. The two unnamed entries at the end (68KB and 177KB) have no path recorded in this listing and are the ones worth retrieving for a closer look.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD54ccc896f3d01c7b4a709e82d98a0a1be
SHA1d3f4c52134381d1831c03ad30aa80c4844457204
SHA2568f06f0526722da93850968058f418b7a94d24a5fb04b95711a14084b5a1f20dc
SHA512ecf8e471e49b5257ddbd4d6e1863c66524dbb803e4aff3fc7b2833e43c93e2b7387204f16fc81f02545263bbe4ab2d7acad6f122c118e24da025a991febb36c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52d6661cd9a338881623cff85e23690a7
SHA1132fd841a77342a82c18160881bc2f69cace04fa
SHA2566b1daf79d40bdbc9d589a8d6307adc5ae855bb3d3bc84f92a289c95130d6461a
SHA512e9badd842c02179b99fee8d97bfa3209efd7f3418bf0784928a8b339480e42f5753510d2171cd8289cc90d07c47682e64139bc7c4450b19c2a5eb2d86df3e3d4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f47236aaecff03f7b1dd0a2e98dc0a40
SHA177219e09ddc4d9b667d605f74f5af91be0bc65ff
SHA256c4850d11636547d24cb70e84d7765d212fa994b5c13e9ae3219999c66634edb6
SHA512943db6f5cd72a15881ab77ca69d445eae266edcc15774829fe32fc4cc1efb2c40f4cf0d78b1ebe3429646aff4aa1a15a9197507422578a6b92aeca94f1fc8cb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5058ddcde19b65733b351bc9a29ae3add
SHA10bb94a781c8506ede9788110b923e81dc9e249bb
SHA256eec6c9bd1c857a6f646463332f16396c3d21db6aca9d5f90c4119b34939887f1
SHA512e960f6937d24d831e951182cae34297b125a8a6639e680df351ab2f4fed4d0a33f00f39559093adb3ab622141111f77cd394a08f47d2eefec5e75a8e92b21a6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51c21722e61ed7643bcbacba690d1ded0
SHA1141052d4df96722cfcceeaabcad14345c8c58b9d
SHA2562f56b5942fb923074219ea06d943a8a5f7e59e6c5bdcf3d7dfd0301d3a531111
SHA512d6005f15fc7540ec32d118d7816392676244adb38fb0c246ceca161c5caec5d2911adfaa35e262c9be7c2fb2a773afbc8bbf38f40b13917711d3aea55af32ffd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d0997a0250249f785e8f5cf3446143e6
SHA1de129104325a9edb52c299f45239d3705f7e8427
SHA256cc8e2c4af832724fdfbc69d64339eade591499189c2347500d5b49c679e44315
SHA512c87fbe6e109aa46dace7d2e6d16d00aa9333b14a024ec434525ca989b77a5b31bb00ddb90c311bd8cc4690af9213427fe8508d9b6efa29b4492faf14680267b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD501fe0b3374fe2685b511074dcf89ee1e
SHA1f18133eb8d58c955c0e67369e8acf515ad420c58
SHA25688cdfb335c412ecd260c294359fbd2c9b0bec1d99a2fd2f578947466a8aa5e43
SHA512500a15a146d9b58e0b1503b489688e48f9ccef7a91c5af291709aea45a6a94e594f1fbc0fe5eb4c062dcf360e7ac3d795eedfc6c833269908da8c45eabbb25cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD584239d15a84ba0d4538daf53a9688a6c
SHA1c7e30c503f698c098140a05d28c216c0b1212e42
SHA2569ee34e67443e50c4cc8c1382b694aa961907497c14702b2555d79fee1ff1bbf4
SHA51278f9641c307d118b4ebcbdaa1c8761c9af8c508c929776dc606496c56dc0b6803ad1119ed16c46af53b09af3217f043a80c3a7c3a805095d144018128e5348be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5f46707e0874cdbe2960109ff333696fa
SHA1b9c00e7b243bcccef3b09d4f5c517452c01cdbb3
SHA256de49c364406e593681d46502493c694d61d77698b5dab42ac6e21cb91eb8b0e9
SHA51216e2df42668e0757850888d415dbe759f678e623afac7e2aad20cbee8709f6ff947750e1c46bb8a65af176a1ca98f52a821bb16a8b83a7514f79d6cd714cefc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53dd5aed8514480f02f1e8e473e91613b
SHA1ec7dbec707e5057919616463f6c2dc12ea6c225a
SHA2563b1700f61c1199be1f6f99f4931838ab2621cba7658027a6dff68613755f8d42
SHA5124305a1c43af5ebf9ead7a677f6ba35ab23603d81db14cbd0b14a72ef35f1e657c52924a2ffef302c0b1cdfd5c332c27dacbe1463a57d0a26f63cdc3683cf49af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51d014993869f8368b626a3beed807a45
SHA100957f575928e253f11137db65654d58cdb3f146
SHA256329652c2ee19877c59117d339bc98dbf9ab9ce59e4b474b51f23c42a69ecf2f9
SHA512302d3052c7900dbe470803fa7e45fb88ecfb6da750853d8c2ec6e2782309138553a3c8374fdd9581d8b6c14f8168694365ba2d39c48fe3ca170ad4c2786d0684
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59ed1f01f5fc7052155c7354449d02310
SHA167793a46f67b48799e9c8857c350dd23156f3508
SHA2565c52f21ecf2d8380f0805bef31422143b156a640374d1ca8bc515d6f6e18b9b3
SHA51221be9191aa74db57cb3618b97343a9d1a6e47a306e0914d3e14bd6f2d390cc9f9d34e3431e9127ebb0fe00f5b1cc226babb51bf3b052305b1a92440161f5f0dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b71dc110c17ee3c47a95f65ca298b379
SHA1cda277b886541e07586c4f304b06c18f6b49bb74
SHA2564f041a797e0cd49412fe5c420bbaf40c7ef694236d552fd86b3327f0fac08629
SHA5126a9a1f670afea4ce0c548c48b1a08b7ef70370c64d014d12a0c4d900b52aa472d30815df5d5c6bba640ff00b729f3733760f6af9c5e1f8dea0a492f2325307d8
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a